moo.core.tests.test_security_sandbox

Security tests: RestrictedPython write/read guards and string formatting.

Covers: _write_.__setitem__, _getitem_, str.format/format_map, dict.update known gap (passes 3, 4, 5).

Functions

`test_dict_update_bypasses_write_guard`()	dict.update({'__class__': x}) inserts underscore keys at C level, bypassing _write_.__setitem__.
`test_getitem_normal_keys_still_work`()	Normal (non-underscore) key reads must continue to work.
`test_getitem_underscore_key_blocked`()	Reading d['__class__'] in restricted code must raise KeyError.
`test_str_format_blocked_even_via_variable`()	The format string can be constructed at runtime to defeat static scanning.
`test_str_format_class_method_blocked`()	str.format(template, arg) calls format as a class-level unbound method.
`test_str_format_class_method_blocked_with_dunder`()	str.format with a dunder chain in the template must also be blocked.
`test_str_format_dunder_blocked`()	str.format() is blocked to prevent C-level dunder traversal.
`test_str_format_map_dunder_blocked`()	str.format_map() is blocked for the same reason as str.format().
`test_str_normal_methods_still_work`()	Blocking .format must not affect other string methods.
`test_str_replace_still_works`()	str.replace() is the safe substitution method used by message verbs.
`test_write_setitem_underscore_key_blocked`()	obj['__class__'] = x must raise KeyError in restricted code.